Don't require free users to login to purchase membership

We’ve been monitoring our registration page for months using HotJar.

Our estimate is that we are losing about 30% of sales because existing free users cannot upgrade to a paid subscription without logging in.

Problem is that many of them forgot their credentials but are not allowed to purchase a subscription using the same email address they used to create a free account.

Most of them try to pay a few times but give up. Result = lost sales!

Is there a way to allow free users to upgrade to a paid subscription without having to log in?

If their email is in the system, just have S2Member update their status to paid members without them having to remember their password.

I’m confident this little change could help us increase our sales dramatically.

Please help,

Thanks

  1. s2Member doesn’t handle logins. It leaves that to WordPress. So this isn’t an s2Member issue.
  2. There’s a reason WordPress works like that. How is it supposed to know whether the attempt to login is genuine or not? That’s the whole point of having to use a password.
  3. Come to that, how do you know whether the attempt to login is genuine or not?
  4. How would your method create sales anyway? You’d be upgrading these users without their paying anything. And you couldn’t charge them for future months because you’d have no way of billing them.
  5. Why can’t the genuine users among this group simply reset their password and then login?

It sounds to me as though what you really need is:
(a) a more informative message when someone attempts to login but fails,
(b) a clearer indication of where a free member needs to go to reset his/her password, and
(c) better information provided on the Login Welcome Page about how to go about upgrading, so that free members don’t simply attempt to buy a new membership when not logged in.

Hi Tim,

Thanks for your quick reply and advice.

We’ve actually implemented your 3 points a while ago:

a) We customized the login fail error to remind people to login before upgrading
b) We have 3 automatic follow up emails spaced 2 days apart reminding new users how to recover their password in case they forgot it.
c) The Login Welcome Page has a clear button and instructions on how to upgrade. This is not the problem though. Once they are logged in everything works fine. The problem is when they registered for free and try to purchase the upgrade at a later date. It’s then that they give up once they fail to purchase trying to use the same email. They either fail to read the warning message or forget their password.
70% of our users are accessing our site via their phones so for them to try to fetch their password is a hassle.

Now to your points:

1. s2Member doesn’t handle logins. It leaves that to WordPress. So this isn’t an s2Member issue.
The problem is that S2Member forces existing users to login before they can upgrade their membership.

2. There’s a reason WordPress works like that. How is it supposed to know whether the attempt to login is genuine or not? That’s the whole point of having to use a password.
If the email is already registered we know the user is legitimate because they could only confirm their account if their email was legitimate. We just need S2Member to let an existing user upgrade using their existing free account email without having to login.

3. Come to that, how do you know whether the attempt to login is genuine or not?
See answer for 2. The worst thing that could happen is that someone would upgrade using someone else’s email address. This is quite unlikely unless they were buying an upgrade for a friend.

4. How would your method create sales anyway? You’d be upgrading these users without their paying anything. And you couldn’t charge them for future months because you’d have no way of billing them.
They cannot upgrade without paying. The problem is when they try to upgrade and they already have an account. By default, S2Member just tells them that the email is already in use. We updated the message to include a link to the login page so they have to login before they can upgrade. The problem is that now, just at the crucial moment when they were about to upgrade, we are forced to send them to a different page where 70% of the time they forgot their password. Now they have to reset their password. It’s so much hassle many of them simply give up!

5. Why can’t the genuine users among this group simply reset their password and then login?
See 4. Because it creates too much friction. Remember most of our users are accessing our site via their smartphone so it’s super inconvenient to fetch a password and type it manually. Friction causes lost sales. Our audience is 90% kids between 18 and 25 years old. They have zero patience. We need to remove that friction one way or another.

This is the exact workflow we need when an existing free user attempts to upgrade their membership:

Enter their information as usual

  1. If the email matches an existing user then simply let them purchase as if they were a new user
  2. In the backend, instead of creating a new user (impossible because it already exists) simply have S2Member upgrade them to a paid member
  3. Send them a confirmation email that their account has been upgraded.

Is there an easy way to accomplish this or do I need to hire a developer to override s2Member behavior?

Thanks!

Sorry, but none of your points are about s2Member at all. Talk of “overriding s2Member behavior” is therefore wide of the mark.

What you are looking for is simply a way for WordPress – note WordPress – to allow someone to login in the circumstances you have outlined. s2Member just follows WordPress here so, if you manage to do that with WordPress, then it will work with s2Member.

Exactly. This is not a problem. It is the way things work. How is s2Member supposed to know a visitor is a registered User unless they login? If your Users are either too stupid or too lazy to login and/or reset their passwords they are going to be a pain in your backside if you offer any type of support.

This, and step 1, are theoretically possible, but you would need to redirect them to another form because an upgrade and a new registration are two different things requiring different shortcodes. If these people won’t login or reset their password, they aren’t going to fill in the second form. (Well, a portion of them won’t.)

This will happen automatically if you get step 2 working.

There is no easy way to do this whether you are referring to WordPress or s2Member (@KTS915 is right about the registration using WordPress core, but it could be worked around and purchasing an upgrade is definitely on s2Member).


Thank you for your help.

I would like to override S2Member/WordPress behavior so we can test a workflow with less friction.

I want to go from this:

After a couple of days, existing free user decides to upgrade and goes back to our website:

  1. Existing free user clicks on buy paid subscription
  2. User enters new account details and clicks the PayPal Buy button
  3. User gets error saying email is already in use and a link to login before upgrading
  4. User clicks link and cannot remember their password
  5. User clicks the recover password link
  6. User enters email address associated with existing account and clicks submit
  7. User leaves website and opens email to find email with reset password link
  8. User clicks reset password link and enters new password
  9. User now uses new password to login
  10. User clicks on upgrade button on Login Welcome Page to upgrade
  11. User selects upgrade option and pays with PayPal

To this:

  1. Existing free user clicks on buy paid subscription
  2. User enters new account details and clicks the buy button
  3. User pays with PayPal

In the background S2Member recognizes existing email and simply upgrades user to a paid account.

That’s 11 steps versus 3 steps. About 30% of users give up by step 4. 70% of our users are trying to complete those 11 steps from their phone which makes the process even more cumbersome.

How can I make this happen? Should I hire a developer at Upwork? Any recommendations?

Thanks again


The shortened ladder still faces the same problem.

Let’s assume a visitor clicks the buy button and enters login credentials which are tested internally through custom code.

The code asserts that these credentials are wrong.

Now, there is no way to detect if this attempt was made by a genuine user or by someone else.

When you say ‘s2Member simply upgrades to a paid account’, you’re essentially instructing/asking software to process a monetary transaction without even knowing if the person requesting the same is really a genuine account holder or not!

As @KTS915 indicated that it is very much possible through custom code, I must add that it is dangerous (if I can use this word) to go ahead with this method.

Rajeev, I agree 100% with you that this is dangerous. I certainly wouldn’t want to do it!

Thank you for your reply.

Let me address the concerns expressed.

Here are the 3 possible scenarios that could cause a non-genuine account holder to pay using someone else’s email address:

  1. A friend or parent of the account holder buying membership for the account holder as a gift. In our case, this is not unusual because our audience is young and many don’t have PayPal or a credit card to make the transaction.
  2. An existing account holder that enters someone else’s email address by mistake. In this case we are certain we would hear a complaint from the user that didn’t receive access and we would give them access. We could verify that the person complaining made the purchase because we would ask them to reply from the same email address they used in PayPal to make the purchase.
  3. An idiot or a philanthropist that enjoys guessing people’s email addresses and buying them access to our site to feel better about themselves.

Any of the 3 cases above would be very unlikely and wouldn’t pose any real threat to the integrity of the website. It would only mean that in less than 1% of cases we would have to reassign ownership to the actual person making the purchase.

If we could force WordPress to give access only to the owner of the PayPal address then any of those concerns would be eliminated altogether. We simply would create a new account using the legitimate PayPal address and ignore the existing user’s matching email entered upon registration.

Please let me know if I’m missing any other possible dangerous scenarios before I go ahead with the modifications.

Thanks!
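
The two account-binding rules discussed in this thread, modeled side by side as an added example (not code from any poster, s2Member or WordPress): matching on the email typed into the checkout form, and binding the purchase to the payer address reported by the payment processor. The account store, field names and example.test addresses are constructed, and treating the processor's payer address as trustworthy is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Purchase:
    entered_email: str                   # typed into the checkout form, unverified
    payer_email: str                     # payer address from the processor (assumed trustworthy)
    session_email: Optional[str] = None  # account of the logged-in session, if any

def norm(email):
    return email.strip().lower()

def upgrade_by_entered_email(accounts, p):
    """Rule proposed in the thread: whatever account matches the typed email is upgraded."""
    target = norm(p.entered_email)
    action = "upgraded" if target in accounts else "created"
    accounts[target] = "paid"
    return action, target

def upgrade_bound_to_payer(accounts, p):
    """Alternative rule: the paid level goes to the logged-in account, else to the payer address."""
    target = norm(p.session_email) if p.session_email else norm(p.payer_email)
    action = "upgraded" if target in accounts else "created"
    accounts[target] = "paid"
    needs_review = norm(p.entered_email) != target  # gift or typo: reassign by hand
    return action, target, needs_review

def run_cases():
    """Constructed cases: a stranger typing another member's email, and the genuine owner."""
    stranger = Purchase("member@example.test", "stranger@example.test")
    owner = Purchase(" Member@Example.test", "member@example.test")
    results = {}
    for name, rule in (("entered", upgrade_by_entered_email),
                       ("payer", upgrade_bound_to_payer)):
        for label, purchase in (("stranger", stranger), ("owner", owner)):
            accounts = {"member@example.test": "free"}  # fresh store per case
            outcome = rule(accounts, purchase)
            results[(name, label)] = (outcome, accounts["member@example.test"])
    return results

if __name__ == "__main__":
    for key, value in run_cases().items():
        print(key, value)
```

Under the first rule the stranger's payment changes the state of an account they never proved control of; under the second it lands in a new account flagged for manual review, and the existing member's account stays untouched.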

Unfortunately, they don’t come close to exhausting the possible scenarios. I can think of many, but here’s one pretty simple one.

Someone makes a fraudulent transaction and then asks for a refund. They have a script that extracts account details. You pay the refund but the true account holder now loses money elsewhere because the fraudster was able to use the information that s/he obtained.

You are clearly in breach of your agreement with the payment provider, because you didn’t take reasonable steps to verify that the purchaser was who s/he claimed to be. So the payment processor is not liable to compensate the true account holder. You are. Oh, and if you live in the US, you’ll probably be liable for punitive damages too, because you essentially colluded in fraud.

Thanks Tim,

Since access to the paid account is sent to the email used during registration, I’m not sure how a fraudster could get access to the true account holder details unless they also had access to their email account.

If that was the case, requesting their credentials to make a purchase would be a moot point because they could already have reset the password by accessing the reset link in the true account holder’s email account.

In that case, I don’t see how I could be liable for a transaction performed using an email from a user whose email account was previously hacked before they interacted with my website.

Here is another possible solution to reduce the friction that is causing us to lose so many sales.

Have users authenticate their account using Facebook Connect.
It’s a one click interaction and already around 80% of our users are creating a free account that way via the Facebook Login Pro plugin.

The other 20% would still have to enter or reset their password through the cumbersome ladder of hell but it would optimize the workflow for the rest of users.

As soon as the email entered is recognized as existing, then a popup with the Facebook connect/ login box would appear telling the user to login first.

If the buyer entered someone else’s email by mistake then a new account would be created using the buyer’s email and boom, problem solved.

Now I would need to modify S2Member behavior to trigger that login popup when an existing email is used to make a purchase.

How difficult would that be to implement?

Thanks again, everyone on this thread has been tremendously helpful so far.

I’ll just make one point to all that: your argument that “they could already have reset the password by accessing the reset link in the true account holder’s email account” only works if they can get access to that email account. This way, they don’t need to have such access, and everything happens in one location.

But I’m not going to give you lessons on internet security here. You can read up on all the things you’d be encouraging by browsing appropriate sites via Google. (How about some porn, sir, or perhaps a bit of illegal gambling, which you won’t even know is happening on your site because it will be being used for back-end processes – i.e. laundering – and not for front-end displays?)

The real issue here is that security is a many-layered enterprise. If you strip away an expected layer, you have immediately voided the immunity that your payment provider gives you from being liable for compensation, and you make yourself open to claims for punitive damages.
